Deduplicate the rbac definition
jbygdell committed Nov 22, 2024
1 parent 22ce6ef commit 029d423
Showing 4 changed files with 46 additions and 109 deletions.
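--- a/.github/integration/scripts/charts/dependencies.sh
+++ b/.github/integration/scripts/charts/dependencies.sh
@@ -76,65 +76,4 @@ yq -i '
 .releasetest.secrets.accessToken = strenv(TEST_TOKEN)
 ' .github/integration/scripts/charts/values.yaml
 
-cat >rbac.json <<EOD
-{
-"policy": [
-{
-"role": "admin",
-"path": "/c4gh-keys/*",
-"action": "(GET)|(POST)|(PUT)"
-},
-{
-"role": "submission",
-"path": "/file/ingest",
-"action": "POST"
-},
-{
-"role": "submission",
-"path": "/file/accession",
-"action": "POST"
-},
-{
-"role": "submission",
-"path": "/dataset/create",
-"action": "POST"
-},
-{
-"role": "submission",
-"path": "/dataset/release/*dataset",
-"action": "POST"
-},
-{
-"role": "submission",
-"path": "/users",
-"action": "GET"
-},
-{
-"role": "submission",
-"path": "/users/:username/files",
-"action": "GET"
-},
-{
-"role": "*",
-"path": "/files",
-"action": "GET"
-}
-],
-"roles": [
-{
-"role": "admin",
-"rolebinding": "submission"
-},
-{
-"role": "[email protected]",
-"rolebinding": "admin"
-},
-{
-"role": "[email protected]",
-"rolebinding": "admin"
-}
-]
-}
-EOD
-
-kubectl create secret generic api-rbac --from-file="rbac.json"
+kubectl create secret generic api-rbac --from-file=".github/integration/sda/rbac.json"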
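Review bot: Pointing the `api-rbac` secret at `.github/integration/sda/rbac.json` is not a like-for-like swap. The heredoc removed above granted the `submission` role `POST` on `/dataset/create` and `/dataset/release/*dataset` and listed two identity-to-`admin` bindings, while the shared file added in this commit has neither dataset rule and only one binding. If the API denies requests that match no policy entry (not visible here), any chart test that calls the dataset endpoints will start failing authorization. Either add entries such as `{"role": "submission", "path": "/dataset/create", "action": "POST"}` and its `/dataset/release/*dataset` counterpart to the shared file, or state in the commit message that the chart policy was narrowed on purpose. The secret key itself is unchanged, since `kubectl create secret --from-file` keys on the file's base name, but the path is now relative to the working directory, so the script relies on being run from the repository root, as the `values.yaml` path above it already does.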
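--- a/.github/integration/scripts/make_sda_credentials.sh
+++ b/.github/integration/scripts/make_sda_credentials.sh
@@ -93,50 +93,3 @@ if [ ! -f "/shared/grpcurl" ]; then
 latest_grpculr=$(curl --retry 100 -sL https://api.github.com/repos/fullstorydev/grpcurl/releases/latest | jq -r '.name' | sed -e 's/v//')
 curl --retry 100 -s -L "https://github.com/fullstorydev/grpcurl/releases/download/v${latest_grpculr}/grpcurl_${latest_grpculr}_linux_x86_64.tar.gz" | tar -xz -C /shared/ && chmod +x /shared/grpcurl
 fi
-
-cat >/shared/rbac.json <<EOD
-{
-"policy": [
-{
-"role": "admin",
-"path": "/c4gh-keys/*",
-"action": "(GET)|(POST)|(PUT)"
-},
-{
-"role": "submission",
-"path": "/file/ingest",
-"action": "POST"
-},
-{
-"role": "submission",
-"path": "/file/accession",
-"action": "POST"
-},
-{
-"role": "submission",
-"path": "/users",
-"action": "GET"
-},
-{
-"role": "submission",
-"path": "/users/:username/files",
-"action": "GET"
-},
-{
-"role": "*",
-"path": "/files",
-"action": "GET"
-}
-],
-"roles": [
-{
-"role": "admin",
-"rolebinding": "submission"
-},
-{
-"role": "[email protected]",
-"rolebinding": "admin"
-}
-]
-}
-EOD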
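--- a/.github/integration/sda-s3-integration.yml
+++ b/.github/integration/sda-s3-integration.yml
@@ -299,6 +299,7 @@ services:
 restart: always
 volumes:
 - ./sda/config.yaml:/config.yaml
+- ./sda/rbac.json:/rbac.json
 - shared:/shared
 
 reencrypt: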
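Review bot: The new bind mount `./sda/rbac.json:/rbac.json` is writable from inside the container, and because this file is the authorization policy the service should not be able to alter it; mount it read-only with `- ./sda/rbac.json:/rbac.json:ro`. The same commit stops generating `/shared/rbac.json` in `make_sda_credentials.sh`, and `sda/config.yaml` is not among the changed files, so confirm that the configured policy path already points at `/rbac.json`; otherwise the service will look for a file that is no longer created. The service definition that owns this `volumes:` list starts above the hunk, so which service receives the mount is not visible here.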
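--- /dev/null
+++ b/.github/integration/sda/rbac.json
@@ -0,0 +1,44 @@
+{
+"policy": [
+{
+"role": "admin",
+"path": "/c4gh-keys/*",
+"action": "(GET)|(POST)|(PUT)"
+},
+{
+"role": "submission",
+"path": "/file/ingest",
+"action": "POST"
+},
+{
+"role": "submission",
+"path": "/file/accession",
+"action": "POST"
+},
+{
+"role": "submission",
+"path": "/users",
+"action": "GET"
+},
+{
+"role": "submission",
+"path": "/users/:username/files",
+"action": "GET"
+},
+{
+"role": "*",
+"path": "/files",
+"action": "GET"
+}
+],
+"roles": [
+{
+"role": "admin",
+"rolebinding": "submission"
+},
+{
+"role": "[email protected]",
+"rolebinding": "admin"
+}
+]
+}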
